disassembler · May 31, 2017 13:59
diff --git a/pkg.nix b/pkg.nix
 with import <nixpkgs> {}; # bring all of Nixpkgs into scope

 antBuild {
  name = "passopolis-unstable-2016-05-07";

  src = fetchgit {
    url = "https://github.com/WeAreWizards/passopolis-server";
    sha256 = "0ywmymbjcfsxv1p1j0l0lw9cb7f79h23ic1c4b5w5nb0k9f4zvfq";
    rev = "b827b3a6176e050deb729009676fad7e86e5393a";
    leaveDotGit = true;
  };

  buildInputs = [ git python ];
  antTargets = [ "jar" ];

  meta = {
    homepage = "https://github.com/WeAreWizards/passopolis-server";
    description = "A well-designed, well-functioning and secure secret manager.";
    license = stdenv.lib.licenses.gpl3;
  };
 }
diff --git a/service.nix b/service.nix
 { config, lib, pkgs, ... }:

 with lib;

 let
  cfg = config.services.passopolis;
 in {
  ###### interface

  options = {

    services.passopolis = {

      enable = mkEnableOption "Passopolis";

      user = mkOption {
        type = types.str;
        default = "passopolis";
        description = "User account under which passopolis runs.";
      };

      statePath = mkOption {
        type = types.str;
        default = "/var/passopolis";
        description = "The state directory";
      };

      databaseHost = mkOption {
        type = types.str;
        default = "127.0.0.1";
        description = "Database hostname";
      };

      databaseName = mkOption {
        type = types.str;
        default = "passopolis";
        description = "Database name";
      };

      enablePostgreSQLDatabase = mkOption {
        type = types.bool;
        default = true;
        description = ''
          Whether to enable a local postgresql service as database for passopolis
        '';
      };
    };

  };


  ###### implementation

  config = mkIf cfg.enable {

    users.extraUsers.passopolis = {
      name = cfg.user;
      description = "Passopolis service user";
    };

    services.postgresql.enable = mkDefault true;
    environment.systemPackages = [
      import ./pkg.nix
    ];

    systemd.services.passopolis = {
      description = "Passopolis service";
      after = [ "network.target" "postgresql.service" ];
      wantedBy = [ "multi-user.target" ];
      path = with pkgs; optional cfg.enablePostgreSQLDatabase [
        config.services.postgresql.package
      ];
      preStart = ''
      mkdir -p ${cfg.statePath}
      chown ${cfg.user} ${cfg.statePath}
      ${lib.optionalString cfg.enablePostgreSQLDatabase ''
        if ! test -e "${cfg.statePath}/db-created"; then
          psql postgres -c "CREATE ROLE ${cfg.user} WITH LOGIN NOCREATEDB NOCREATEROLE NOCREATEUSER"
          ${config.services.postgresql.package}/bin/createdb --owner ${cfg.user} ${cfg.databaseName} || true
          touch "${cfg.statePath}/db-created"
        fi
      ''}
      '';

      serviceConfig = {
        PermissionsStartOnly = true; # preStart must be run as root
        Type = "simple";
        ExecStart = "${pkgs.jre}/bin/java -DgenerateSecretsForTest=true -Ddatabase_url=jdbc:postgresql://${cfg.databaseHost}:5432/${cfg.databaseName} -ea -jar ${pkgs.passopolis}/share/java/mitrocore.jar";
        User = cfg.user;
      };
    };
  };
 }
	with import <nixpkgs> {}; # bring all of Nixpkgs into scope

	antBuild {
	name = "passopolis-unstable-2016-05-07";

	src = fetchgit {
	url = "https://github.com/WeAreWizards/passopolis-server";
	sha256 = "0ywmymbjcfsxv1p1j0l0lw9cb7f79h23ic1c4b5w5nb0k9f4zvfq";
	rev = "b827b3a6176e050deb729009676fad7e86e5393a";
	leaveDotGit = true;
	};

	buildInputs = [ git python ];
	antTargets = [ "jar" ];

	meta = {
	homepage = "https://github.com/WeAreWizards/passopolis-server";
	description = "A well-designed, well-functioning and secure secret manager.";
	license = stdenv.lib.licenses.gpl3;
	};
	}
	{ config, lib, pkgs, ... }:

	with lib;

	let
	cfg = config.services.passopolis;
	in {
	###### interface

	options = {

	services.passopolis = {

	enable = mkEnableOption "Passopolis";

	user = mkOption {
	type = types.str;
	default = "passopolis";
	description = "User account under which passopolis runs.";
	};

	statePath = mkOption {
	type = types.str;
	default = "/var/passopolis";
	description = "The state directory";
	};

	databaseHost = mkOption {
	type = types.str;
	default = "127.0.0.1";
	description = "Database hostname";
	};

	databaseName = mkOption {
	type = types.str;
	default = "passopolis";
	description = "Database name";
	};

	enablePostgreSQLDatabase = mkOption {
	type = types.bool;
	default = true;
	description = ''
	Whether to enable a local postgresql service as database for passopolis
	'';
	};
	};

	};


	###### implementation

	config = mkIf cfg.enable {

	users.extraUsers.passopolis = {
	name = cfg.user;
	description = "Passopolis service user";
	};

	services.postgresql.enable = mkDefault true;
	environment.systemPackages = [
	import ./pkg.nix
	];

	systemd.services.passopolis = {
	description = "Passopolis service";
	after = [ "network.target" "postgresql.service" ];
	wantedBy = [ "multi-user.target" ];
	path = with pkgs; optional cfg.enablePostgreSQLDatabase [
	config.services.postgresql.package
	];
	preStart = ''
	mkdir -p ${cfg.statePath}
	chown ${cfg.user} ${cfg.statePath}
	${lib.optionalString cfg.enablePostgreSQLDatabase ''
	if ! test -e "${cfg.statePath}/db-created"; then
	psql postgres -c "CREATE ROLE ${cfg.user} WITH LOGIN NOCREATEDB NOCREATEROLE NOCREATEUSER"
	${config.services.postgresql.package}/bin/createdb --owner ${cfg.user} ${cfg.databaseName} \|\| true
	touch "${cfg.statePath}/db-created"
	fi
	''}
	'';

	serviceConfig = {
	PermissionsStartOnly = true; # preStart must be run as root
	Type = "simple";
	ExecStart = "${pkgs.jre}/bin/java -DgenerateSecretsForTest=true -Ddatabase_url=jdbc:postgresql://${cfg.databaseHost}:5432/${cfg.databaseName} -ea -jar ${pkgs.passopolis}/share/java/mitrocore.jar";
	User = cfg.user;
	};
	};
	};
	}